Architecture, DNS, Hacking and Information Security

Cuttlefish malware targets enterprise-grade SOHO routers

Security Affairs

MAY 1, 2024

The malicious code can also perform DNS and HTTP hijacking within private IP spaces. “What makes this malware family so insidious is the ability to perform HTTP and DNS hijacking for connections to private IP addresses. The binary analyzed by the researchers is compiled for all major architectures used by SOHO operating systems.

Malware

Malware DNS Authentication Telecommunications

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Security Affairs

JULY 4, 2019

Researchers at Network Security Research Lab of Qihoo 360 discovered a Lua-based backdoor dubbed Godlua that targets both Linux and Windows systems. The peculiarity of this new piece of malware is the ability to communicate with C2 servers via DNS over HTTPS ( DoH ). com domain. ” states the analysis. ” states the analysis.

DNS

DNS Malware Advertising DDOS

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Security Affairs

JANUARY 18, 2024

Unified Extensible Firmware Interface (UEFI) is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. ” states CERT/CC. . ” states CERT/CC.

Firmware

Firmware DNS Advertising Architecture

China-linked LightBasin group accessed calling records from telcos worldwide

Security Affairs

OCTOBER 20, 2021

China-linked cyberespionage group LightBasin hacked mobile telephone networks around the world and used specialized tools to access calling records. ” The hacking group initially compromised one of the telecommunication companies by leveraging external DNS (eDNS) servers which are part of the General Packet Radio Service (GPRS) network.

Telecommunications

Telecommunications Mobile Hacking Architecture

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Security Affairs

NOVEMBER 1, 2021

The botnet leverages a robust architecture based on a combination of third-party services, P2P, and Command & Control servers. This architecture was implemented to make the botnet resilient to takedowns by law enforcement and security firms with the support of the vendors of the infected devices. Pierluigi Paganini.

Architecture

Architecture DDOS Advertising DNS

Discovery of Simps Botnet Leads To Ties to Keksec Group

Security Affairs

MAY 18, 2021

The script downloaded several next stage payloads for several *nix architectures from the open directory named “Simps” in the same C2 URL from where the shell script was downloaded (see Figure 1). SecurityAffairs – hacking, Simps Botnet). Figure 1: Malicious Shell script dropping payloads. 200 in simps directory to tmp.

DDOS

DDOS Malware Architecture IoT

15 Top Cybersecurity Certifications for 2022

eSecurity Planet

JUNE 21, 2022

Thycotic chief security scientist Joseph Carson told eSecurity Planet that choosing a certification should ultimately be about deciding which skillset or professional direction you want to focus on. It confirms that certificate holders are qualified for hands-on IT security roles by validating their understanding of information security.

Cybersecurity

Cybersecurity Penetration Testing System Administration Cyber Attacks

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Security Affairs

OCTOBER 20, 2021

The payload fetched by the PowerShell targets 64-bit architecture systems, it is a long script consisting of three components: Tater (Hot Potato – privilege escalation) PowerSploit Embedded exploit bundle binary (privilege escalation). SecurityAffairs – hacking, PurpleFox botnet). Follow me on Twitter: @securityaffairs and Facebook.

Encryption

Encryption DNS Architecture Firewall

Trend Micro observed notable malware activity associated with the Momentum Botnet

Security Affairs

DECEMBER 18, 2019

The Momentum bot targets various Linux platforms running upon multiple CPU architectures, including ARM, MIPS, Intel, and Motorola 68020. ” Momentum supports 36 different methods for DDoS attacks, including multiple reflection and amplifications attack methods that target MEMCACHE , LDAP , DNS and Valve Source Engine.

Malware

Malware DDOS DNS Advertising

What Is a DMZ Network? Definition, Architecture & Benefits

eSecurity Planet

APRIL 7, 2023

An effective way to make sure users can only access the resources they need is to isolate them in a new subnetwork or network segment with its own access, security, and operational rules. DMZ networks typically contain external-facing resources such as DNS, email, proxy and web servers.

Architecture

Architecture Firewall Network Security Technology

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Security Affairs

OCTOBER 14, 2019

The PortReuse backdoor has a modular architecture, experts discovered that its components are separate processes that communicate through named pipes. Experts detected multiple PortReuse variants with a different NetAgent but using the same SK3.

Manufacturing

Manufacturing Mobile Malware Software

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Affairs

OCTOBER 21, 2019

The PortReuse backdoor has a modular architecture, experts discovered that its components are separate processes that communicate through named pipes. Experts detected multiple PortReuse variants with a different NetAgent but using the same SK3.

Malware

Malware Passwords Advertising DNS

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? They won with Mayhem, an assisted intelligence application security testing solution.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Affairs

APRIL 27, 2023

The malicious code performs a DNS request every 24 hours to resolve a subdomain (hardcoded string unique for each victim). “The executable code of BellaCiao compares a resolved IP address returned by a DNS server under the control of a threat actor with an IP address that has been hardcoded into the program.

Malware

Malware DNS Media Architecture

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? They won with Mayhem, an assisted intelligence application security testing solution.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

ForAllSecure

OCTOBER 9, 2019

But how exactly will artificial intelligence help bridge the information security skills gap? And even with the help of machine learning algorithms, what kinds of security work is still best left to humans? They won with Mayhem, an assisted intelligence application security testing solution.

InfoSec

InfoSec Artificial Intelligence Computers and Electronics Software

Group-IB presents its annual report on global threats to stability in cyberspace

Security Affairs

NOVEMBER 29, 2019

One of the trends related to the active confrontation between attackers has been hacking back, i.e. when attackers become the victims of hacking. The past months have shown that the most dangerous hacks involved DNS hijacking, which helped attackers manipulate DNS records for MITM attacks. Pierluigi Paganini.

Banking

Banking Telecommunications Marketing Internet

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

We also provide integrated security, visibility and automation: a SOC (Security Operations Center) inside the NOC, with Grifter and Bart as the leaders. At each conference, we have a hack-a-thon: to create, prove, test, improve and finally put into production new or improved integrations.

Wireless

Wireless DNS Mobile Technology

Unveiling JsOutProx: A New Enterprise Grade Implant

Security Affairs

DECEMBER 20, 2019

For this reason, we decided to dig into this piece of malware and figure out its inner secrets, uncovering a modular architecture with advanced offensive capabilities, such as the presence of functionalities able to deal with multi-factor authentication (MFA). The “Dns” Plugin. The DnsPlugin handles the machine’s DNS configuration.

Malware

Malware DNS Architecture Advertising

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Cisco Security

MAY 27, 2022

Malware Threat Intelligence made easy and available, with Cisco Secure Malware Analytics and SecureX by Ben Greenbaum . In addition to the Meraki networking gear, Cisco Secure also shipped two Umbrella DNS virtual appliances to Black Hat Asia, for internal network visibility with redundancy, in addition to providing: .

Malware

Malware Accountability DNS Technology

Cyber Security Informer

Cuttlefish malware targets enterprise-grade SOHO routers

Godlua backdoor, the first malware that abuses the DNS over HTTPS (DoH)

Trending Sources

PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

China-linked LightBasin group accessed calling records from telcos worldwide

Pink Botnet infected over 1.6 Million Devices, it is one of the largest botnet ever seen

Discovery of Simps Botnet Leads To Ties to Keksec Group

15 Top Cybersecurity Certifications for 2022

PurpleFox botnet variant uses WebSockets for more secure C2 communication

Trend Micro observed notable malware activity associated with the Momentum Botnet

What Is a DMZ Network? Definition, Architecture & Benefits

Winnti Group was planning a devastating supply-chain attack against Asian manufacturer

Winnti APT group uses skip-2.0 malware to control Microsoft SQL Servers

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Security Ledger Podcast: Security Automation Is (And Isn't) The Future Of InfoSec

SECURITY LEDGER PODCAST: SECURITY AUTOMATION IS (AND ISN'T) THE FUTURE OF INFOSEC

Group-IB presents its annual report on global threats to stability in cyberspace

Black Hat USA 2023 NOC: Network Assurance

Unveiling JsOutProx: A New Enterprise Grade Implant

Black Hat Asia 2022 Continued: Cisco Secure Integrations

Stay Connected